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METHOD FOR LICENSING AND/OR AUTHORIZING ACCESS TO 
SOFTWARE MODULES IN A SWITCHING DEVICE 

CROSS REFERENCE TO RELATED APPLICATIONS 
[0001] This application is the US National Stage of International Application No. 
PCT/EP2004/009154, filed August 16, 2004 and claims the benefit thereof The 
International Application claims the benefits of European application No. 03021963.8 EP 
filed September 30, 2003, both of the applications are incorporated by reference herein in 
their entirety. 

FIELD OF INVENTION 

[0002] The invention relates to a method for licensing and/or authorizing access to 
software modules in a computer-controlled switching device. 

BACKGROUND OF INVENTION 

[0003] In a communication network, such as the telephone network for example, the 
connection between geographically remote communication subscribers is made by 
defining sections of a transmission path one at a time. The path selection is the central 
task of computer-controlled switching devices. These types of switching devices are also 
known as switching processors, call processors or node processors. 

[0004] In current private branch exchange networks, computer-controlled switching 
devices are operated as both conventional telecommunication systems and also as pure IP 
systems. It is usual to have systems in different size categories, i.e. small private branch 
exchanges with up to 15 extensions up to large private branch exchange systems with a 
tens of thousands of extensions. The function and services of ISDN private branch 
exchange systems are defined in the intemational standards of the ITU. 

[0005] Each private branch exchange access line has a range of functions 
predetermined by service features, which are predetermined in the assigned switchboard 
computer by configuration or administration of software modules. This configuration or 
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administration can be instigated by the operator of the private branch exchange network 
or undertaken by operators themselves by using administration commands of the control 
to activate software modules in a switching device. 

[0006] Services features are divided up in accordance with the type of traffic into 
service features for incoming traffic, for outgoing traffic, for routing, for Internet traffic, 
for charge data recording, for call diversion, interception, for different multilingual text 
outputs, ISDN service features etc. Each of these service features corresponds in the 
switching device to a specific function component, which is mostly implemented by a 
software module. 

[0007] The currently available functionality of a switching device is determined by the 
software modules activated. As a rule the operator of the private branch exchange 
network obtains a license from the manufacturer of the switching device to use these 
software modules. 

[0008] Since requirements imposed on a communication system must be oriented to 
the predetermined demands of the communication user, it is necessary fi-om time to time 
to reconfigure or administer the capacity stage of switching devices in the network. Thus 
for example it can be necessary to increase the maximum possible number of 
communication users of a private branch exchange, or to offer new, improved service 
features. This adaptation can be achieved by loading new software modules into the 
database of the switching device and adapting the usage license of the operator 
accordingly. The loading of new software models is however associated with a 
corresponding outlay so that manufacturers of the switching devices have gone over to 
delivering the devices with a fiill range of application software, but with the application 
software only bemg able to be used within the framework of a licensing agreement made 
between the device manufacturer and the network operator. The manufacturer of 
switching devices makes every effort in such cases to ensure, by means of protection 
mechanisms, that the actual scope of usage only varies within the framework of this 
licensing agreement and that misuse of the arrangement is largely excluded. 
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[0009] Various protection mechanisms for software products are known from 
computer technology. With personal computers it is usual nowadays to use what are 
known as dongles. A dongle is an additional hardware part and contains unique and 
immutable characteristic information. When the software to be protected is started the 
program interrogates the dongle to ensure that the corresponding characteristic 
information is stored in it. If it is, the software can run on the personal computer, if not 
the execution is not permitted. A dongle can also used for a specific software product on 
a another processor unit provided the hardware and the operating system match. If a 
number of software products are used on a computer system they each require the 
corresponding dongle. 

SUMMARY OF INVENTION 

[0010] The use of dongles in the configuration or administration of switching devices 
is cumbersome and problematic as regards security since there is no provision for storing 
digital keys with a dongle. 

[0011] An underlying object of the invention is to simplify the licensing and/or access 
authorization for software modules in a computer-controlled switching device and to 
allow flexible adaptation to changing demands. 

[0012] The object is achieved by the features of the claims. The dependent claims 
relate to advantageous embodiments of the invention. 

[0013] The main aspect of the inventive solution proposed consists of making 
software modules which are already kept with the full range of functions in a switching 
device scalable, i.e. only able to be used within a predetermined licensing framework. 

[0014] In accordance with the invention there is provision for use of a licence 
database in which a all those software modules are stored with the ftiU range of functions 
which are necessary for a fiill capacity stage of the switching device. The license 
database can for example be implemented by conventional disk storage, a hard disk. 
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License information is assigned to each software module on this hard disk. If, as a result 
of a configuration or administration, at least one of these software modules is activated, 
in a first step an interaction is initiated between the licence database and a computer- 
readable data carrier. The aim of this interaction is to check the unique relationship 
between the hard disk used for the database and secret information stored on a computer- 
readable data carrier. This identity checking can for example be undertaken by comparing 
the hard disk identification number and a secret key stored on the computer-readable data 
carrier. The result of this identity checking is hardware characteristic information which 
provides information about whether the key and the storage hardware match each other. 
In a further step this hardware characteristic is now transferred together with the license 
information of the at least one software module from the switching computer via a 
communication connection to a license manager geographically remote from the 
exchange. The licence manager decides about the authorization of the at least one 
software module to be configured by generating licence confirmation information which 
it sends back to the switching device. Conununication between the switching device and 
a licence manager can for example be undertaken via a telephone or fax connection or 
can be established by computer communication Since the licence manager has access on 
the one hand to information about the identity of the hardware platform and on the other 
hand to information about the scope of usage of software modules operated on it, the 
licensing or access authorization to software modules is possible in a simple manner. 

[0015] To largely exclude misuse a cryptographic algorithm is used in the interaction 
between the licence database and the computer-readable data carrier. 

[0016] It is preferred that an asymmetric encryption method which is known per se is 
used in the interaction between the licence database and the computer-readable data 
carrier. 

[0017] Preferably the computer-readable data carrier is embodied as a portable data 
carrier. This means that in the case of a hardware failure a main circuit board can simply 
be replaced and the portable data carrier can continue to be used on the new main circuit 
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board. The switching device does not have to be completely reconfigured. This is of 
decisive importance since the downtimes of a switching device can be significantly 
reduced in this way. 

[0018] The portable data carrier can advantageously be embodied as a smart card, a 
chip card or a Secure Digital/MultiMedia Card. Compared to a software dongle the above 
cards are more cost effective. These cards are used and handled in much the same way as 
the SIM cards used in mobile telephones. These are plug-in cards and can thus continue 
to be used in a new switching device. 

[0019] As regards data security it is usefiil for the hardware characteristic information 

and the licensing information to be transferred by the switching computer to the licence 
manager in encrypted form. The security level is scalable through the functional scope of 
the above-mentioned cards. 

[0020] In a preferred embodiment the licence manager is implemented as a server 
which is administered by the manufacturer of the switching device. The server features a 
licence reference database This contains, in the form of reference information, the 
licences which have been purchased by an operator. 

[0021] In this case it is recommended that the licence manager, when it generates the 
license confirmation information, uses a licence reference database in which reference 
information is stored containing reference information assigned to operators of switching 
devices in each case. This not only facilitates the administration of licences but also 
makes it possible for large customers to administer licences in a licence pool for example. 
This means that licences in the licence pool which have been paid for it but are not being 
used can be flexibly assigned to the actual requirements of the customer. 

[0022] In a preferred embodiment there is provision for the licensing information of a 
software module to be configured to be contained in the licences purchased by the 
operator, for licensing confirmation information to be generated which authorizes the 
continuous operation of the software module in the switching device. 
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[0023] In a further preferred embodiment there is provision, in the case in which the 
licence information of a software module to be configured is not contained in the licences 
purchased by the operator, for licensing confirmation information to be generated which 
authorizes test operation of the software module in the switching device over a 
predetermined period of time. 

[0024] It is useful if the communication link between the switching device and the 
licence manager is routed via a circuit-switched and/or packet-switched communication 
network. This means that the switching device can be remotely administered or remotely 
configured by steps that execute automatically. 

BRIEF DESCRIPTION OF THE DRAWING 

[0025] The invention is explained by examples below with reference to the enclosed 
drawing. 

[0026] The single figure shows a schematic diagram of a scenario of licensing and/or 
access authorization of software modules of a computer-controlled switching device. 

DETAILED DESCRIPTION OF INVENTION 

[0027] The Figure shows a switching device 1 which communicates with a license 
manager 2 via a communications link indicated by arrows 6,7,8. In the switching device 1 
the reference number 4 designates a database (system hard disk) which is part of a system 
database 5. The hard disk 4 is assigned a computer-readable data carrier 3. This data 
carrier 3 is embodied as a SIM card 10. It can be plugged into a reader known as an SSU 
(Security Service Unit) arranged on a circuit board of the switching device. If the circuit 
board fails it is possible to continue to use the SIM card on a new circuit board. The 
functional scope of the controller on the SIM card corresponds to some degree to the SIM 
cards used in bank cards. On the circuit board a controller ( e.g. of type TDA 8007) for 
activation of the card is assigned to the SIM card. The software modules which represents 
service features of the switching device are stored in the licence database 4. 
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[0028] For the following description of the execution sequence of the method the 
initial assumption is made that, although the licence database 4 of the switching device 1 
contains all the software modules required for full performance of the system, only those 
software modules are currently being used for which the operator of the switching device 
is licensed by the manufacturer of the switching device. 

[0029] To expand the capacity stage of the switching device and adapt it to growing 
demand at least one non-licensed software module is activated by the operator. This 
activation initially triggers an interaction between the licence database 4 and the data 
carrier 3. (this interaction is shown in the drawing by the arrow 9) The aim of this 
interaction 9 is to check whether the system hard disk 4 matches a secret key present on 
the data carrier 3. The result of this identity checking is hardware characteristic 
information which provides information as to whether the key and the memory hardware 
have been recognized as matching each other. 

[0030] If this is the case, in a subsequent step (arrow 13) corresponding hardware 
characteristic information is created and this is transferred together with the licence 
information of the at least one software module from the switching computer 1 via a 
communication connection 5 to the licence manager 2 at a geographically remote location 
from the exchange 1 . In the licence manager 2 an inquiry is made in a licence reference 
database as to whether the operator identified is authorized to use the desired or already 
configured software module in his system. If the user is authorized as a result of an 
existing licence agreement, the licence manager 2 decides about the authorization of the 
least one software module to be configured in the switching device 1 by generating 
licence confirmation information (labelled as "License Confirmation" in the drawing) and 
returning this to the switching device 1 . (the return path is shown in the drawing by the 
arrow 8) This adapts the application software of the switching device 1 to the license 
framework in respect of its scope of performance. 

[0031] If on the other hand the user does not have the license for the desired or newly 
configured capacity stage version of the switching device 1, the licence manager creates 
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second licence confirmation information which differs from that provided above (labelled 
in the drawings as "30 days trial confirmation"). In this case too this second licence 
confirmation information is retumed to the switching device 1. (the return path is shown 
in the drawing by the arrow 7) As the arrow 1 1 ("trial confirmation") indicates, this 
information transferred leads in the switching device 1 to the desired configuration 
capacity not been provided for long-term use but only on a test basis, for example for a 
specific period, 30 days in this example. 

[0032] Test operation is also enabled in case when the key and the memory are not 
recognized as matching each other. This is shown in the drawing by the arrow 12. 

[0033] The test operation can be shown on the display of a subscriber terminal. In the 
drawing for example this is shown schematically by field 14. This shows: The current 
time of day "13:45", the current date "21.09.01", the type of installation "HiPath4000", 
the own telephone number "32409" as well as the label "DEMO". The label "DEMO" 
indicates that this service feature is not enabled on a permanent basis but only for test 
purposes. 
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